
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

288 advisories

Concrete CMS is vulnerable to CSRF via Backend\File::approveVersion Low
CVE-2026-8340 was published for concrete5/concrete5 (Composer) May 26, 2026
Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion() Low
CVE-2026-8435 was published for concrete5/concrete5 (Composer) May 22, 2026
Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple() Low
CVE-2026-8434 was published for concrete5/concrete5 (Composer) May 22, 2026
Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan() Low
CVE-2026-8433 was published for concrete5/concrete5 (Composer) May 22, 2026
Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star() Low
CVE-2026-8432 was published for concrete5/concrete5 (Composer) May 22, 2026
Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/design Low
CVE-2026-8413 was published for concrete5/concrete5 (Composer) May 22, 2026
Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicate Low
CVE-2026-8414 was published for concrete5/concrete5 (Composer) May 22, 2026
Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache Low
CVE-2026-8412 was published for concrete5/concrete5 (Composer) May 22, 2026
Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete Low
CVE-2026-8411 was published for concrete5/concrete5 (Composer) May 22, 2026
Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete Low
CVE-2026-8410 was published for concrete5/concrete5 (Composer) May 22, 2026
Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete Low
CVE-2026-8409 was published for concrete5/concrete5 (Composer) May 22, 2026
Concrete CMS is Vulnerable to Cross-Site Request Forgery High
CVE-2026-8428 was published for concrete5/concrete5 (Composer) May 21, 2026
Concrete CMS is vulnerable to unauthorized file deletion Low
CVE-2026-7882 was published for concrete5/concrete5 (Composer) May 22, 2026
Concrete CMS contains a CSRF vulnerability High
CVE-2026-8421 was published for concrete5/concrete5 (Composer) May 21, 2026
Concrete does not validate a CSRF token before processing requests to `/dashboard/extend/update/do_update/<pkgHandle>` High
CVE-2026-8417 was published for concrete5/concrete5 (Composer) May 21, 2026
Concrete CMS is Vulnerable to Cross-Site Request Forgery High
CVE-2026-8140 was published for concrete5/concrete5 (Composer) May 21, 2026
symfony/ux-live-component: CSRF Protection Bypass — Accept Header is CORS-Safelisted Low
CVE-2026-49215 was published for symfony/ux-live-component (Composer) Jun 19, 2026
Credited to Kocal
Cotonti: Cross-Site Request Forgery in the Personal File Storage (PFS) module High
CVE-2026-55744 was published for cotonti/cotonti (Composer) Jun 18, 2026
Cotonti: Cross-Site Request Forgery in the administration rights handler Critical
CVE-2026-55742 was published for cotonti/cotonti (Composer) Jun 18, 2026
Cotonti: Cross-Site Request Forgery in the Personal File Storage (PFS) module Moderate
CVE-2026-55745 was published for cotonti/cotonti (Composer) Jun 18, 2026
Admidio PKCS#12 private key export action lacks CSRF protection Moderate
CVE-2026-47232 was published for admidio/admidio (Composer) May 29, 2026
Credited to 0x2face, ADHAM-KHAIRY, 0xreizouko, spect3r1, agn4by, BabaYaga0x01, Elkhatebx22, 00xCanelo, and 0xheg3zy